It is by now well established that single-factor authentication of internet user identity, typically via passwords, provides inadequate security for financial transactions. Users tend to use short, easily-deduced or easily-guessed passwords, and/or passwords that can be guessed at by automated brute-force methods. Even long, nominally “safe” passwords are regularly stolen from poorly-secured databases. To counter this problem, various forms of two-factor authentication have been developed. Essentially, two-factor authentication requires a would-be user to provide two authentication factors. Something known only to the authorized user (e.g. a login password) is usually combined with something that should only be in the physical possession of the authorized user.
Typical second factors include USB sticks carrying secret tokens, the magnetic strips on bank cards, digital certificates, and biometric identifiers such as fingerprints, retinal or iris patterns, facial recognition, and voice recognition. An increasingly popular second factor involves the use of users' cell phones. Dynamically generated passcodes can be sent to a user's cell phone via SMS messaging, so that possession of the cell phone (and access to incoming text messages) provides the necessary “physically possessed” factor. As an alternative to user-entered passcodes, some systems permit a direct response, via the cell phone itself, to serve as the second factor via a second channel. The remarkable ubiquity of cell phones has made such methods fairly effective, especially where the cell phone itself is the source of the initial login, and/or the device with which the user initiated the transaction. Nonetheless, two-factor identification via cell phones is somewhat inconvenient, in that the user must interact with the phone in some way, in order to convey to the authentication system that he or she does indeed have physical possession of the phone.
Some efforts have been made to reduce the inconvenience of providing a second factor via a cell phone. One such method involves making assumptions about the user's continued possession of the cell phone over a period of time after an initial, successful two-factor authentication. One such assumption is based on physical location: if the user is still using the same computer to log in, and the user's cell phone has not changed location, it is possible to automate the provision of the second factor with reasonable confidence. If the user confirms that the location is an “authorized location”, such as his home or office, or a regularly-patronized retail location or restaurant, future requests for the second factor made from the same location can be responded to with an automated reply, provided only that the cell phone can be geo-located at the location from which the initial login originated.
Geo-location methods for cell phones are well-developed. Common methods rely on GPS location (where the phone has GPS capabilities), carrier cell tower signal timing and triangulation, and Wi-Fi geo-location based on detailed maps of Wi-Fi signal sources. The geo-location of a user's phone, however, generally entails acquisition and storage of the user's personal movements over an extended period of time, which is an invasion of privacy requiring, in most jurisdictions, obtaining the consent of the user to have his or her motions tracked. The giving of consent itself requires user interaction with the authentication system, and even if consent is given, the user has been required to trade privacy for convenience.
Grim, in U.S. patent application Ser. Nos. 13/660,976 and 14/071,637 (publication Nos. 20130104198 and 20140068723; both assigned to Toopher Inc. and both incorporated herein by reference in their entireties), describes systems and methods for authenticating defined user actions over a computer network. An authentication service receives an authentication request from an authenticating service to perform an action on behalf of a user. The authentication service then sends a permission request to a mobile device associated with the user, asking the user whether or not the action should be allowed. The user sends a permission response via the mobile device to the authentication service, granting or denying the action. The user may automate future similar responses so long as at least one automation criterion is met (e.g., the physical location of the mobile device). Information necessary to determine whether an automation criterion is met is stored locally on the mobile device. Toopher requires two clicks by the user in order to automate the user's authentication: one click to “allow” and another click to “automate future transactions.” Two actions are also required if none of the automation criteria are met.
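The device-side decision described above, as an added sketch (not Toopher's code and not part of the original text): approved locations stay on the device and only a grant/deny response leaves it. The class and function names, the 150 m match radius and the coordinates are assumptions made for illustration.

```python
import math
from dataclasses import dataclass, field

EARTH_RADIUS_M = 6_371_000
MATCH_RADIUS_M = 150  # assumed tolerance; the text gives no figure

# Constructed sample coordinates (lat, lon), for illustration only.
HOME = (30.2672, -97.7431)
CAFE = (30.2850, -97.7335)

def distance_m(a, b):
    """Great-circle (haversine) distance between two (lat, lon) pairs, in metres."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))

@dataclass
class Device:
    # (service, action) -> locations the user approved for automation.
    # Held only on the device; never copied into a permission response.
    automated: dict = field(default_factory=dict)

    def handle_permission_request(self, service, action, here, prompt_user):
        """Build the permission response returned to the authentication service."""
        key = (service, action)
        spots = self.automated.get(key, [])
        if any(distance_m(here, s) <= MATCH_RADIUS_M for s in spots):
            # Automation criterion met: answer without user interaction.
            return {"service": service, "action": action,
                    "granted": True, "automated": True}
        # No criterion met: interactive path. prompt_user models the two
        # clicks in the text and returns (allow, automate_future).
        granted, automate = prompt_user(service, action)
        if granted and automate:  # a denial never creates an automation rule
            self.automated.setdefault(key, []).append(here)
        return {"service": service, "action": action,
                "granted": granted, "automated": False}
```

Automation is keyed on the service and action as well as the location, so approving logins from home does not silently approve a different action from the same place.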
Oberheide et al., in a series of US patent applications (Ser. Nos. 13/647,166, 13/953,343, 14/271,258, 14/188,449, 14/188,492, 14/517,078, 14/455,630, 14/455,640, 14/482,829, 14/482,796 and 14/590,512; publication Nos. 20130091544, 20130312078, 20140245379, 20140245389, 20140245450, 20150040190, 20150046989, 20150046990, 20150074408, 20150074644 and 20150161378; all assigned to Duo Security, Inc. and all of which are incorporated herein by reference in their entireties), describe a platform for two-factor authentication via a second channel. A regular notification message is sent to the user's mobile voice device every time that an authentication is required.
There remains a need for two-factor authentication methods that require only a single action by the user under most or all circumstances. There remains also a need for two-factor authentication methods that can be automated without compromising the privacy of the user.